The new rules, which went into effect earlier this week, require business associates that handle patient health information as part of the services they provide to these covered entities to adhere to all HIPAA rules. Additionally, they increase patient privacy protections, explain people's new rights to access their health information, and give the Department of Human Services greater ability to enforce the law.

But some experts believe hospitals are at the greatest risk of violating the new law.

“Most hospitals are grossly noncompliant,” Ryan Kalember, chief product officer at WatchDox, told the Wall Street Journal (WSJ). “All clinical staff and most administrative staff are just doing what they can to get things done … sharing information and not having any sort of an audit trail is really problematic. That is a HITECH violation and a HIPAA violation.”

The responsibility for ensuring that health care providers use proper precautions and technology, such as secured and encrypted systems, when allowing BYOD in the workplace lies with the employer, Kalember explained.

While the updated rules are new, experts say now is the time for hospitals to update their systems to ensure compliance.

Stephen Li, chief information officer at Jersey City Medical Center, told the WSJ that the key is to make sure records are protected while implementing a system that is easy to use, as doctors and nurses need to spend their time focusing on the needs of their patients and not on whether their emails are secure.

Read more about this and best practices around the new HIPAA rules on the WSJ.